X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FPersons.py;h=ff1b6cb845fa27bfb9554f3e1949c664b40eb6ef;hb=002a2f5c84731b49c88089a5edbea2935d60c826;hp=27e8da81f1bc5ca7eae80fa85a1b0d18faafbd4a;hpb=3d52c346ea0b7eb846e02702f51edd3e01c4e163;p=plcapi.git diff --git a/PLC/Persons.py b/PLC/Persons.py index 27e8da8..ff1b6cb 100644 --- a/PLC/Persons.py +++ b/PLC/Persons.py @@ -4,7 +4,7 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id: Persons.py,v 1.1 2006/09/06 15:36:07 mlhuang Exp $ +# $Id: Persons.py,v 1.32 2007/01/11 05:37:55 mlhuang Exp $ # from types import StringTypes @@ -13,63 +13,64 @@ import md5 import time from random import Random import re +import crypt from PLC.Faults import * +from PLC.Debug import log from PLC.Parameter import Parameter -from PLC.Debug import profile +from PLC.Filter import Filter from PLC.Table import Row, Table -from PLC.Roles import Roles -from PLC.Addresses import Address, Addresses +from PLC.Roles import Role, Roles from PLC.Keys import Key, Keys -from PLC import md5crypt -import PLC.Sites +from PLC.Messages import Message, Messages class Person(Row): """ Representation of a row in the persons table. To use, optionally instantiate with a dict of values. Update as you would a - dict. Commit to the database with flush(). + dict. Commit to the database with sync(). """ + table_name = 'persons' + primary_key = 'person_id' + join_tables = ['person_key', 'person_role', 'person_site', 'slice_person', 'person_session', 'peer_person'] fields = { - 'person_id': Parameter(int, "Account identifier"), - 'first_name': Parameter(str, "Given name"), - 'last_name': Parameter(str, "Surname"), - 'title': Parameter(str, "Title"), - 'email': Parameter(str, "Primary e-mail address"), - 'phone': Parameter(str, "Telephone number"), - 'url': Parameter(str, "Home page"), - 'bio': Parameter(str, "Biography"), - 'accepted_aup': Parameter(bool, "Has accepted the AUP"), + 'person_id': Parameter(int, "User identifier"), + 'first_name': Parameter(str, "Given name", max = 128), + 'last_name': Parameter(str, "Surname", max = 128), + 'title': Parameter(str, "Title", max = 128, nullok = True), + 'email': Parameter(str, "Primary e-mail address", max = 254), + 'phone': Parameter(str, "Telephone number", max = 64, nullok = True), + 'url': Parameter(str, "Home page", max = 254, nullok = True), + 'bio': Parameter(str, "Biography", max = 254, nullok = True), 'enabled': Parameter(bool, "Has been enabled"), - 'deleted': Parameter(bool, "Has been deleted"), - 'password': Parameter(str, "Account password in crypt() form"), - 'last_updated': Parameter(str, "Date and time of last update"), - 'date_created': Parameter(str, "Date and time when account was created"), - } - - # These fields are derived from join tables and are not actually - # in the persons table. - join_fields = { + 'password': Parameter(str, "Account password in crypt() form", max = 254), + 'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True), + 'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True), + 'last_updated': Parameter(int, "Date and time of last update", ro = True), + 'date_created': Parameter(int, "Date and time when account was created", ro = True), 'role_ids': Parameter([int], "List of role identifiers"), 'roles': Parameter([str], "List of roles"), 'site_ids': Parameter([int], "List of site identifiers"), - } - - # These fields are derived from join tables and are not returned - # by default unless specified. - extra_fields = { - 'address_ids': Parameter([int], "List of address identifiers"), 'key_ids': Parameter([int], "List of key identifiers"), 'slice_ids': Parameter([int], "List of slice identifiers"), + 'peer_id': Parameter(int, "Peer to which this user belongs", nullok = True), + 'peer_person_id': Parameter(int, "Foreign user identifier at peer", nullok = True), } - default_fields = dict(fields.items() + join_fields.items()) - all_fields = dict(default_fields.items() + extra_fields.items()) - - def __init__(self, api, fields): - Row.__init__(self, fields) - self.api = api + # for Cache + class_key = 'email' + foreign_fields = ['first_name', 'last_name', 'title', 'email', 'phone', 'url', + 'bio', 'enabled', 'password', ] + # forget about these ones, they are read-only anyway + # handling them causes Cache to re-sync all over again + # 'last_updated', 'date_created' + foreign_xrefs = [ + {'field' : 'key_ids', 'class': 'Key', 'table' : 'person_key' } , + {'field' : 'site_ids', 'class': 'Site', 'table' : 'person_site'}, +# xxx this is not handled by Cache yet +# 'role_ids': Parameter([int], "List of role identifiers"), +] def validate_email(self, email): """ @@ -93,15 +94,15 @@ class Person(Row): rest = email[at_sign+1:] domain = rest.split('.') - # This means local, unqualified addresses, are no allowed + # This means local, unqualified addresses, are not allowed if not domain: raise invalid_email if len(domain) < 2: raise invalid_email conflicts = Persons(self.api, [email]) - for person_id, person in conflicts.iteritems(): - if not person['deleted'] and ('person_id' not in self or self['person_id'] != person_id): + for person in conflicts: + if 'person_id' not in self or self['person_id'] != person['person_id']: raise PLCInvalidArgument, "E-mail address already in use" return email @@ -112,38 +113,20 @@ class Person(Row): database. """ - if len(password) > len(md5crypt.MAGIC) and \ - password[0:len(md5crypt.MAGIC)] == md5crypt.MAGIC: + magic = "$1$" + + if len(password) > len(magic) and \ + password[0:len(magic)] == magic: return password else: - # Generate a somewhat unique 2 character salt string + # Generate a somewhat unique 8 character salt string salt = str(time.time()) + str(Random().random()) salt = md5.md5(salt).hexdigest()[:8] - return md5crypt.md5crypt(password, salt) - - def validate_role_ids(self, role_ids): - """ - Ensure that the specified role_ids are all valid. - """ + return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$") - roles = Roles(self.api) - for role_id in role_ids: - if role_id not in roles: - raise PLCInvalidArgument, "No such role" - - return role_ids - - def validate_site_ids(self, site_ids): - """ - Ensure that the specified site_ids are all valid. - """ - - sites = PLC.Sites.Sites(self.api, site_ids) - for site_id in site_ids: - if site_id not in sites: - raise PLCInvalidArgument, "No such site" - - return site_ids + validate_date_created = Row.validate_timestamp + validate_last_updated = Row.validate_timestamp + validate_verification_expires = Row.validate_timestamp def can_update(self, person): """ @@ -193,52 +176,18 @@ class Person(Row): return False - def add_role(self, role_id, commit = True): - """ - Add role to existing account. - """ - - assert 'person_id' in self - - person_id = self['person_id'] - self.api.db.do("INSERT INTO person_roles (person_id, role_id)" \ - " VALUES(%(person_id)d, %(role_id)d)", - locals()) - - if commit: - self.api.db.commit() - - assert 'role_ids' in self - if role_id not in self['role_ids']: - self['role_ids'].append(role_id) - - def remove_role(self, role_id, commit = True): - """ - Remove role from existing account. - """ - - assert 'person_id' in self - - person_id = self['person_id'] - self.api.db.do("DELETE FROM person_roles" \ - " WHERE person_id = %(person_id)d" \ - " AND role_id = %(role_id)d", - locals()) - - if commit: - self.api.db.commit() + add_role = Row.add_object(Role, 'person_role') + remove_role = Row.remove_object(Role, 'person_role') - assert 'role_ids' in self - if role_id in self['role_ids']: - self['role_ids'].remove(role_id) + add_key = Row.add_object(Key, 'person_key') + remove_key = Row.remove_object(Key, 'person_key') def set_primary_site(self, site, commit = True): """ - Set the primary site for an existing account. + Set the primary site for an existing user. """ assert 'person_id' in self - assert isinstance(site, PLC.Sites.Site) assert 'site_id' in site person_id = self['person_id'] @@ -261,158 +210,46 @@ class Person(Row): self['site_ids'].remove(site_id) self['site_ids'].insert(0, site_id) - def flush(self, commit = True): - """ - Commit changes back to the database. - """ - - self.validate() - - # Fetch a new person_id if necessary - if 'person_id' not in self: - rows = self.api.db.selectall("SELECT NEXTVAL('persons_person_id_seq') AS person_id") - if not rows: - raise PLCDBError, "Unable to fetch new person_id" - self['person_id'] = rows[0]['person_id'] - insert = True - else: - insert = False - - # Filter out fields that cannot be set or updated directly - fields = dict(filter(lambda (key, value): key in self.fields, - self.items())) - - # Parameterize for safety - keys = fields.keys() - values = [self.api.db.param(key, value) for (key, value) in fields.items()] - - if insert: - # Insert new row in persons table - sql = "INSERT INTO persons (%s) VALUES (%s)" % \ - (", ".join(keys), ", ".join(values)) - else: - # Update existing row in persons table - columns = ["%s = %s" % (key, value) for (key, value) in zip(keys, values)] - sql = "UPDATE persons SET " + \ - ", ".join(columns) + \ - " WHERE person_id = %(person_id)d" - - self.api.db.do(sql, fields) - - if commit: - self.api.db.commit() - def delete(self, commit = True): """ - Delete existing account. + Delete existing user. """ - assert 'person_id' in self - - # Make sure extra fields are present - persons = Persons(self.api, [self['person_id']], - ['address_ids', 'key_ids']) - assert persons - self.update(persons.values()[0]) - - # Delete all addresses - addresses = Addresses(self.api, self['address_ids']) - for address in addresses.values(): - address.delete(commit = False) - # Delete all keys keys = Keys(self.api, self['key_ids']) - for key in keys.values(): + for key in keys: key.delete(commit = False) # Clean up miscellaneous join tables - for table in ['person_roles', 'person_capabilities', 'person_site', - 'node_root_access', 'dslice03_sliceuser']: - self.api.db.do("DELETE FROM %s" \ - " WHERE person_id = %d" % \ + for table in self.join_tables: + self.api.db.do("DELETE FROM %s WHERE person_id = %d" % \ (table, self['person_id'])) # Mark as deleted self['deleted'] = True - self.flush(commit) + self.sync(commit) class Persons(Table): """ Representation of row(s) from the persons table in the - database. Specify deleted and/or enabled to force a match on - whether a person is deleted and/or enabled. Default is to match on - non-deleted accounts. + database. """ - def __init__(self, api, person_id_or_email_list = None, extra_fields = [], deleted = False, enabled = None): - self.api = api - - role_max = Roles.role_max - - # N.B.: Site IDs returned may be deleted. Persons returned are - # never deleted, but may not be enabled. - sql = "SELECT persons.*" \ - ", roles.role_id, roles.name AS role" \ - ", person_site.site_id" \ - - # N.B.: Joined IDs may be marked as deleted in their primary tables - join_tables = { - # extra_field: (extra_table, extra_column, join_using) - 'address_ids': ('person_address', 'address_id', 'person_id'), - 'key_ids': ('person_keys', 'key_id', 'person_id'), - 'slice_ids': ('dslice03_sliceuser', 'slice_id', 'person_id'), - } - - extra_fields = filter(join_tables.has_key, extra_fields) - extra_tables = ["%s USING (%s)" % \ - (join_tables[field][0], join_tables[field][2]) \ - for field in extra_fields] - extra_columns = ["%s.%s" % \ - (join_tables[field][0], join_tables[field][1]) \ - for field in extra_fields] - - if extra_columns: - sql += ", " + ", ".join(extra_columns) - - sql += " FROM persons" \ - " LEFT JOIN person_roles USING (person_id)" \ - " LEFT JOIN roles USING (role_id)" \ - " LEFT JOIN person_site USING (person_id)" - - if extra_tables: - sql += " LEFT JOIN " + " LEFT JOIN ".join(extra_tables) - - # So that people with no roles have empty role_ids and roles values - sql += " WHERE (role_id IS NULL or role_id <= %(role_max)d)" - - if deleted is not None: - sql += " AND persons.deleted IS %(deleted)s" - - if enabled is not None: - sql += " AND persons.enabled IS %(enabled)s" - - if person_id_or_email_list: - # Separate the list into integers and strings - person_ids = filter(lambda person_id: isinstance(person_id, (int, long)), - person_id_or_email_list) - emails = filter(lambda email: isinstance(email, StringTypes), - person_id_or_email_list) - sql += " AND (False" - if person_ids: - sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids)) - if emails: - # Case insensitive e-mail address comparison - sql += " OR lower(email) IN (%s)" % ", ".join(api.db.quote(emails)).lower() - sql += ")" - - # The first site_id in the site_ids list is the primary site - # of the user. See AdmGetPersonSites(). - sql += " ORDER BY person_site.is_primary DESC" - - rows = self.api.db.selectall(sql, locals()) - for row in rows: - if self.has_key(row['person_id']): - person = self[row['person_id']] - person.update(row) - else: - self[row['person_id']] = Person(api, row) + def __init__(self, api, person_filter = None, columns = None): + Table.__init__(self, api, Person, columns) + + sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \ + ", ".join(self.columns) + + if person_filter is not None: + if isinstance(person_filter, (list, tuple, set)): + # Separate the list into integers and strings + ints = filter(lambda x: isinstance(x, (int, long)), person_filter) + strs = filter(lambda x: isinstance(x, StringTypes), person_filter) + person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs}) + sql += " AND (%s)" % person_filter.sql(api, "OR") + elif isinstance(person_filter, dict): + person_filter = Filter(Person.fields, person_filter) + sql += " AND (%s)" % person_filter.sql(api, "AND") + + self.selectall(sql)